Abbreviations and Acronyms

AMSAT: Radio Amateur Satellite Corporation
BN: Bayesian Network
COTS: Commercial Off-The-Shelf
ETW: Electronics Technology Workshop
GSN: Goal Structuring Notation
ITAR: International Traffic in Arms Regulations
JPL: Jet Propulsion Laboratory
MBAC+: Model-Based Assurance Case +
MBSE: Model-Based Systems Engineering
NASA: National Aeronautics and Space Administration
NEPP: NASA Electronic Parts and Packaging
R&M: Reliability & Maintainability
RHA: Radiation Hardness Assurance
SEAM: Systems Engineering and Assurance Models
SEFI: Single-Event Functional Interrupt
SEL: Single-Event Latch-up
SEU: Single-Event Upset
SRAM: Static Random Access Memory
SysML: Systems Modeling Language
TID: Total Ionizing Dose
WDI: Watch-dog Input
WDO: Watch-dog Output
WDT: Watch-dog Timer
WebGME: Web-based Generic Modeling Environment

Vanderbilt Engineering

NEPP Small Mission History and Workshops

• FY13
  - Began discussions at https://nepp.nasa.gov/workshops/etw2013/talks.cfm
  - Held internal NASA meeting: EEE Parts for Class D Missions and CubeSats
    • Joint meeting supported by OSMA and OCE
• FY14
  - Discussion at annual workshop and (open) small mission workshop
    • https://nepp.nasa.gov/workshops/etw2014/talks.cfm
    • https://nepp.nasa.gov/workshops/eeesmallmissions/talks.cfm
    • NEPP plans updated based on feedback
• FY15
  - https://nepp.nasa.gov/workshops/etw2015/talks.cfm
• FY16
  - https://nepp.nasa.gov/workshops/etw2016/talks.cfm
• FY17 (talks to be posted in the next few weeks)
  - https://nepp.nasa.gov/workshops/etw2017/

NEPP - Small Mission Efforts

[Figure: NEPP small mission task areas. Legible labels: SEE Reliability Analysis; CubeSat Mission Success Analysis; Non-Mil Data; Best Practices; CubeSat Databases; Model-Based Mission Assurance (MBMA) with NASA R&M Program; Reliable Small Missions; Groups.]

FY18 task area ideas: automotive, avionics, and autonomous vehicles resilience

Model-Based Systems Engineering (MBSE) for Mission Assurance (MA) - aka MBMA

• Led by NASA/OSMA Reliability and Maintainability (R&M) Program
  - NEPP co-funds efforts that are EEE parts related (tasks listed below)
• Completed tasks (assurance case)
  - Vanderbilt University: Goal structuring notation (GSN) exemplar for single event effects (SEE) in a CubeSat electronics board
• Current tasks
  - Vanderbilt University:
    • Bayesian nets for CubeSat electronics (radiation)
    • On-line SysML/GSN tool for CubeSat electronics
      - TO BE DEMOED on July 18, 2017 at IEEE NSREC conference
• FY18 tasks (proposed)
  - Vanderbilt:
    • Integrate Bayesian nets with on-line tool and complete assurance case
  - TBD:
    • Exemplar for EEE parts reliability (non-radiation)

[Figure: "A Vision for Model Based Assurance" - John Evans, NASA/OSMA. Legible labels include: Assurance; Trade Space; Analyses; Design; System Models (Structure, Requirements, Behavior, Parametric); Effective Policies and Standards.]

Note: Mission Assurance Improvement Workshop (MAIW) is developing a MBSE for MA best practices document

Best Practices and Guidelines

• Current tasks
  - Radiation hardness assurance (RHA) for Small Missions
    • NASA/GSFC: Michael Campola
      - Board-level proton testing
    • JPL: Steve Guertin
  - Body of knowledge (BOK) on best practices for EEE part reliability via board testing
    • NASA/GSFC (Lentech): Ed Wyrwas
• Planned tasks
  - EEE Parts assurance for small missions
    • TBD (overdue)
  - Work with NASA/GSFC and NASA STMD for release of CubeSat tool
    • R-GENTIC (Michael Campola)
      - R-Radiation GuidelinEs for Notional Threat Identification and Classification
    • Plan is to make available via the web (NEPP website) and demo at IEEE NSREC

[Figure: NEPP Notional EEE Parts Assurance - Tailored Risk Acceptance. Matrix with Low / Medium / High axes; legible cell text includes "Level 1 or 2, rad hard suggested", "Full upscreening for COTS", "COTS upscreening/testing recommended" and "fault tolerant".]

Note: MAIW is developing a CubeSat Best Practices for Mission Success (Test) document

Non-Mil/Aero EEE Parts

• Automotive grade
  - Began FY15
    • Snapshot of representative part types under evaluation for reliability
  - Began FY16
    • Support of NASA Engineering Safety Center (NESC) automotive grade tests (limited electrical tests and a few radiation tests)
  - Plans
    • Guideline/lessons learned
    • Resilience/soft error rate - challenge in finding a partner
      • Have begun partnership with The Aerospace Corp
• COTS
  - Testing of COTS has been a cornerstone of the NEPP Program including processors, memories, FPGAs, power devices, etc.
    • Multiple on “CubeSat” class electronics - see presentations at weblinks on chart 2.
      - Example: radiation data on TI MSP430 processors
  - Plans
    • Discuss FY18 tasks for “CubeSat” class EEE parts
    • Plastic encapsulated device guideline
• NEPP radiation data can be found at
  - http://nepp.nasa.gov
  - http://radhome.gsfc.nasa.gov
  - Or via IEEE search

NEPP CubeSat Success and Databases

• Mission Success Analysis (Prof. Michael Swartwout/SLU)
  - NEPP has been funding on-going tracking of CubeSat mission success with newer emphasis on root-cause (improved assurance practices)
    • Note: Prof. Swartwout is teaching a short course session on this topic at IEEE NSREC on July 17, 2017
• CubeSat Databases
  - JPL: two studies (need to update studies or tie into other studies)
    • Kit manufacturer EEE parts approaches
    • What EEE parts NASA (and JPL) are using in CubeSats
  - JPL: Limited evaluation of CubeSat kit electronics boards
  - JPL Action: integrate databases with The Aerospace Corp, SPOON database and with success study (if possible)
    • New: discuss with Ames (Small Spacecraft Virtual Institute)

Radiation Reliability Analysis and Working Group

• Single event effect (SEE) reliability analysis
  - NASA/GSFC (Melanie Berg/AS&D) - Current effort focused on developing model for treating SEE in a manner similar to reliability (i.e., how many 9’s rather than a SEE rate)
  - Planned task is integration with MBMA tools approach
• Working groups
  - NEPP working group meets monthly on “CubeSat databases”
    • The Aerospace Corp and Prof. Swartwout participate
  - Support of MAIW (by invitation meetings with public document release)
  - Support of The Small Satellite Reliability Initiative - A Public-Private Collaboration (POC: Mike Johnson - NASA/GSFC)

To be presented by Rebekah Austin and Ken LaBel at the 2017 Institute of Electrical and Electronics Engineers (IEEE) Nuclear and Space Radiation Effects Conference (NSREC), New Orleans, Louisiana, July 17-21, 2017. 




“A Working List of Priorities”

• Key thought: What do we need to do to enable “higher reliability” small (cost-effective) missions?
  - NEPP website is expected to go through a major overhaul in the next few months
    • Improved access to “bigger thoughts” (guidelines, best practices)
    • COTS data, and so on
  - Improve “COTS” data sharing
  - Extend COTS testing
  - Extend model-based mission assurance
    • Guidance on “tailoring” of approaches
  - Best practices are OVERDUE for EEE parts
• What can we learn (or jointly learn) from resilience approaches?

Radiation Reliability Assessment of CubeSat SRAM Experiment Board

• Assessment completed on 28nm SRAM SEU experiment
• Reasons for integrated modeling
  - Use commercial off-the-shelf (COTS) parts
  - System mitigation of SEL
  - High risk acceptance

At the end of this tutorial you will:

• Understand the reasons for modeling a radiation hardness assurance case for a system
• Understand the basics of graphical argument representation and system modeling with block diagrams and fault propagation
• Have seen a simple example for single-event latch-up (SEL) mitigation on commercial off-the-shelf (COTS) parts
• Know the basics about using modelbasedassurance.org to model assurance cases for radiation reliability

[Figure: MBAC+ Modeling Flow]

Integrated System Design for Radiation Environments

• Reasons for Activity interaction
  - Commercial parts (COTS)
  - Document-centric work flow to model-based system engineering
  - System mitigation (for COTS)
  - Shorter schedules for small spacecraft

Model-Based Assurance Case + (MBAC+)

• Goal Structuring Notation:
  - R&M Template
  - Visual representation of argument
• System Modeling Language (SysML):
  - Specification of systems through standard notation
• Bayesian Network (BN)
  - Nodes describe probabilities of states
  - Calculate conditional probabilities from observations

What is System Engineering and Assurance Models (SEAM)?

• A set of modeling languages in one environment used to implement MBAC+
• These modeling languages allow for reliability activities and requirements to become part of the Model-Based System Engineering (MBSE) paradigm
  - Move from document-based reliability to objective-based reliability
  - Takes Radiation Hardness Assurance activities from being a process that results in unlinked and unrelated documents and integrates those activities into the overall system design process

What is SEAM? Cont.

• SEAM is built using WebGME tool
• Models include:
  - Goal Structuring Notation (GSN)
  - System model (SysML)
  - Fault Propagation Tree
  - Function/Behavior Models
• Allows for links across models
• Links to external documents

[Screenshot: SEAM model open in a web browser. Legible fragment: "... likelihood of failure to an acceptable level (NASA R&M mod)."]

Overall RHA Process

[Figure: overall RHA process flow, built up over several slides. Legible labels: Environment; Design Evaluation; In-Flight Evaluation; Technology Performance; Anomaly Resolution; Parts List Screening; Radiation; Instrument Calibration, and Performance Predictions; Environment in the presence of the spacecraft; Technology Hardness; Design Margins; Component; Mechanical Modeling - 3D ray trace, Monte Carlo, NOVICE, etc.; Box/system Level; Mitigation Approaches and Design Reliability; Context; "Iteration over project development cycle - Cradle to Grave!"]

Kenneth LaBel at the NASA Electronic Parts and Packaging (NEPP) Electronics Technology Workshop (ETW), Greenbelt, MD, June 17-19, 2014

Foundation: NASA Reliability & Maintainability (R&M) Hierarchy

• Basis of NASA-STD-8729.1 (R&M Standard) that will be released later this year
• Incorporates R&M into MBSE
• Moves to objectives-based reliability requirements

Graphical Assurance Cases

Assurance Case: “A reasoned and compelling argument, supported by a body of evidence, that a system, service or organization will operate as intended for a defined application in a defined environment.” [1]

Argument: “A connected series of claims intended to support an overall claim.” [1]

[Figure: claim tree; legible labels: Sub-Claim 2, Evidence 2]

[1] GSN Community Standard Version 1 2011

Goal Structuring Notation (GSN): Visual Representation of an Argument

[Figure: GSN fragment for single-event latch-up (SEL), built up over several slides with legend callouts. Legible node text:]

Assumption:1 - Radiation tests are performed on parts with the same part number and manufacturer but nothing is known about the lot.
Justification:1 - Heavy-ion SEL tests were not performed because the heavy-ion environment does not significantly contribute to the radiation environment.
ChoiceJn
Strategy:6 - Process does not have parasitic thyristors.
Strategy:3 - Perform proton SEL characterization tests on system parts.
Strategy:5 - Effects of SEL are mitigated on system parts.
Context:5 - Parts that did not pass proton SEL requirement or did not have proton SEL testing performed: Microcontroller, WDT, regulators, logic translator, and mux/demux.

Legend:

Goal: Claims of the argument
Strategy: Reasoning step, nature of argument
Solution: Items of evidence. Test reports linked.
Context: How the claim or reasoning step should be interpreted. Can be linked to documents or other models.
Assumption: Needed for goal or strategy to be valid
Justification: Explains why a claim or argument is acceptable
Undeveloped entity symbol: Indicates the line of reasoning is not complete
M of N options: M out of N paths can be completed to prove goal
Supported by: Inferential or evidential relationships
In context of: Contextual relationships
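
The GSN elements above, expressed as a small data model that checks whether a goal is supported (an added example, not code from the presentation or from the modelbasedassurance.org tool). The `Node` class, the `supported` function, the top-level goal text, the two solution nodes, the choice of M = 1 and the undeveloped status of Strategy:6 are assumptions; the strategy, context, assumption and justification texts are the ones on the slides.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Node:
    """One GSN element: a goal, a strategy or a solution."""
    ident: str
    kind: str                       # "goal", "strategy" or "solution"
    text: str
    supported_by: List["Node"] = field(default_factory=list)
    in_context_of: List[str] = field(default_factory=list)  # context, assumption, justification
    m_of_n: Optional[int] = None    # M-of-N options: branches that must hold
    undeveloped: bool = False       # undeveloped entity: reasoning not complete
    evidence_ok: bool = False       # solutions only: linked report exists and passes


def supported(node: Node) -> Tuple[bool, List[str]]:
    """Return (holds, gaps): whether the claim is supported and what blocks it."""
    if node.undeveloped:
        return False, [f"{node.ident}: undeveloped"]
    if node.kind == "solution":
        return (True, []) if node.evidence_ok else (False, [f"{node.ident}: no evidence"])
    if not node.supported_by:
        return False, [f"{node.ident}: nothing supports it"]
    results = [supported(child) for child in node.supported_by]
    holding = sum(1 for ok, _ in results if ok)
    # Without an M-of-N choice, every supporting branch must hold.
    needed = node.m_of_n if node.m_of_n is not None else len(results)
    if holding >= needed:
        return True, []
    return False, [gap for ok, gaps in results if not ok for gap in gaps]


def build_sel_case(proton_report_ok: bool, mitigation_report_ok: bool,
                   m_of_n: Optional[int] = 1) -> Node:
    """SEL fragment from the slides; goal text, solutions and M are constructed."""
    s6 = Node("Strategy:6", "strategy",
              "Process does not have parasitic thyristors.",
              undeveloped=True)     # assumed undeveloped for this illustration
    s3 = Node("Strategy:3", "strategy",
              "Perform proton SEL characterization tests on system parts.",
              supported_by=[Node("Solution:A", "solution", "Proton SEL test report",
                                 evidence_ok=proton_report_ok)])
    s5 = Node("Strategy:5", "strategy",
              "Effects of SEL are mitigated on system parts.",
              supported_by=[Node("Solution:B", "solution", "Mitigation test report",
                                 evidence_ok=mitigation_report_ok)])
    return Node(
        "Goal:SEL", "goal", "SEL is acceptably handled on the board (constructed)",
        supported_by=[s6, s3, s5], m_of_n=m_of_n,
        in_context_of=[
            "Context:5 Parts that did not pass proton SEL requirement or did not "
            "have proton SEL testing performed",
            "Assumption:1 Radiation tests are performed on parts with the same "
            "part number and manufacturer but nothing is known about the lot.",
            "Justification:1 Heavy-ion SEL tests were not performed because the "
            "heavy-ion environment does not significantly contribute.",
        ])
```

With M = 1 the goal holds as soon as one path has passing evidence; with no M-of-N choice the undeveloped strategy alone keeps the goal open.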
System Modeling Language (SysML)

• Graphical modeling language that supports specification, analysis, design, verification, and validation of systems
  - Systems include hardware, software, data, personnel, procedures, and facilities
• MBAC+ just uses the Block Diagram modeling standard from SysML at the moment

[Figure: example SysML blocks "<< Block >> Bus::VUC_Bus" and "<< Block >> Power::REM_Power" with callouts. Block: Block name::Library Part. Port: Shows power or signal flow. Legible port labels: 3V_uC, 1.8V, 0.9V, CoreV.]

Radiation Fault Propagation Modeling

• Fault (F): Change in physical operation, depart from nominal
• Anomaly (A): Observable effect or anomalous behavior from fault
• Response (R): Intended response of component to A and F (mitigation)
• Effects (E): Impact on functionality
• Faults/Anomalies flow through ports to affect other components

[Figure: fault propagation diagram; legible label: FailureLabel]
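
The fault, anomaly, response and effect terms above, as a small propagation walk over block ports (an added example, not code from the presentation or the SEAM tool). Block, port and function names are borrowed from the slides; the wiring in `LINKS`, the anomaly names and the mapping of responses and effects to blocks are constructed assumptions.

```python
from collections import deque

# Constructed wiring: (source block, port, destination block). The real
# board's port connections are not recoverable from the slides.
LINKS = [
    ("SRAM", "Core Current", "Power"),
    ("SRAM", "Data out", "LogicTranslation"),
    ("LogicTranslation", "Data", "Control"),
]

# Fault (F) -> (block where it occurs, anomaly (A) it produces)
FAULTS = {
    "SEL": ("SRAM", "overcurrent"),
    "SEFI": ("SRAM", "invalid data"),
}

# Ports on which each anomaly is observable
CARRIED_BY = {
    "overcurrent": {"Core Current"},
    "invalid data": {"Data out", "Data"},
}

# Effect (E): function impacted when an anomaly reaches a block unmitigated
EFFECTS = {
    ("Power", "overcurrent"): "F5: Power SRAM",
    ("LogicTranslation", "invalid data"): "F2: Communicate with SRAM",
    ("Control", "invalid data"): "F1: Count Number of Upsets in SRAM",
}

# Response (R): mitigation a block applies when it sees a given anomaly
RESPONSES = {
    ("Power", "overcurrent"): "F7: Detect and Recover from SELs",
}


def propagate(fault, responses):
    """Walk an anomaly outward from the faulted block.

    Returns (handled, effects): blocks whose response stopped the anomaly and
    blocks whose function it impacted, both in breadth-first order.
    """
    origin, anomaly = FAULTS[fault]
    seen, queue = {origin}, deque([origin])
    handled, effects = [], []
    while queue:
        block = queue.popleft()
        for src, port, dst in LINKS:
            if src != block or port not in CARRIED_BY[anomaly] or dst in seen:
                continue
            seen.add(dst)
            response = responses.get((dst, anomaly))
            if response is not None:
                handled.append((dst, response))   # mitigated: stops here
                continue
            effects.append((dst, EFFECTS.get((dst, anomaly), "unspecified")))
            queue.append(dst)                     # unmitigated: keeps flowing
    return handled, effects
```

Running the same fault with and without the response table shows which functions depend on a single mitigation.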
CubeSat SRAM Experiment Board

[Figure: block diagram of the board, shown on two slides. Legible labels: SRAM; Addr, Data, Control; WDI; WDO; WDT; Flip-Flop; OR; Load Switch A; Load Switch B; Quad Load Switch; Core Regulator; I/O Regulator; Logic Regulator.]

Power Domain Color Key: Blue: Spacecraft 3V; Orange: 3V_switch; Green: 3V_uC; Red: SRAM Voltages

MBAC+ Modeling Flow

1) Determine mission objective and fill in on top-level of R&M Template
2) Create functional decomposition of system
5) Complete assurance case based on system design

[Figure: the flow is built up over several slides showing the SEL GSN fragment, the functional decomposition and the SysML block diagram. Legible text:]

Functions:
F1: Count Number of Upsets in SRAM
F2: Communicate with SRAM
F3: Communicate with Spacecraft
F4: Recover from SEEs
F5: Power SRAM
F6: Detect and Recover from SEFIs
F7: Detect and Recover from SELs

Blocks: Bus::VUC_Bus; Power::REM_Power; Control::REM_Control; LogicTranslation::REM_LogicTranslation; SRAM::28nm_SRAM

Port labels: I2C_Bus, 3V Bus, 3V_uC, 3V_sw, 0.9V, Core Voltage, Core Current, Flags, WDI, Latch, PowerState, CoreState, Data, Data in, Data out, Address, Control

Live Demo

https://modelbasedassurance.org/

1) R&M Hierarchy as seed model
2) Use R&M Hierarchy as a template for example radiation reliability assurance case
3) Link SysML blocks to assurance case
4) Show team assignment and group working capabilities

Site Infrastructure

• The contents of the modelbasedassurance.org website have been prepared for the Radiation Effects research community for informational purposes that are not export controlled. Your privacy and security are important to us; please do not upload any data that is controlled unclassified information, export controlled, or considered to be intellectual property.
• You can make your own site (internal server, amazon gov cloud, etc.) if you want to include Export/ITAR material. Contact us.